Splunk® Supported Add-ons

Splunk Add-on for VMware Metrics

Configure the Splunk Add-on for VMware Metrics to collect data from vCenter Server systems using the VMware API

The Splunk Add-on for VMware Metrics uses the VMware API to collect data about your virtual environment. It communicates with vCenter Server using network ports and Splunk management ports.

| Sender | Receiver | Port number | Description |
|---|---|---|---|
| Scheduler (on the search head) | vCenter server | 443 | The scheduler uses port 443 to connect to the vCenter Server to verify that the vCenter Server credentials are valid. It also uses this port to discover the number of managed ESXi hosts in the environment. |
| Splunk Add-on for VMware Metrics | Data Collection Node | 8089 | The Splunk App for VMware Metrics connects to the Data Collection Node (DCN) on the default Splunk management port, TCP 8089. |
| Scheduler | Data Collection Node | 8008 | When the DCN and Splunk App for VMware have established a connection, the scheduler, which typically runs on the search head, allocates data collection jobs to the DCN on the TCP port 8008. TCP port 8008 is the gateway port. In your environment, if another service uses port 8008, you can configure a different port for communication between the data collection node and the gateway. Data collection nodes do not have to communicate on the same port. Setting: gateway_port = 8008. To change the ports for each data collection node individually, set the port in each stanza. |
| Data Collection Node (DCN) | vCenter Server | 443 | The DCN communicates with vCenter Server API on port 443 to execute the data collection tasks allocated to it. |
| Data Collection Node | Splunk indexer | 9997 | The Data Collection Node uses port 9997 to forward data it has retrieved from the vCenter Server using the API. |

After the Splunk Add-on for VMware Metrics establishes a connection with a vCenter Server, the DCN uses port 443 to obtain the credentials for vCenter Server. The DCN also uses port 443 to determine the kind of data to collect, such as performance, inventory, or task-event data. The Splunk Add-on for VMware Metrics uses port 8008 to tell the data collection nodes what information they need to collect from a specific vCenter Server system. The DCN retrieves the data from vCenter Server and forwards the data to the Splunk indexer on port 9997.

How inventory data collection is performed in the Splunk Add-on for VMware Metrics

The Splunk Add-on for VMware Metrics collects inventory data at the default interval defined in the Splunk_TA_vmware_inframon\default\inframon_ta_vmware_pool.conf configuration file. Because full inventory data is not needed at every interval, the add-on collects full inventory data in collectionVersion 1 and then collects only change sets (for example, changes in VM inventory or host inventory) in incremental collectionVersions. After 4 hours of collectionVersion 1 collection or at collectionVersion 20, whichever is reached first, the add-on collects full inventory data again, and the cycle continues.

Control certificate validation for your data collection nodes

Control certificate validation for your data collection nodes with the inframon_ta_vmware_config_ssl.conf file. Use it to enable or disable certificate validation for your DCN. By default, certificate validation is disabled.

  1. On your scheduler, navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/default and copy the inframon_ta_vmware_config_ssl.conf file.
  2. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon and create a local folder.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/local and paste the inframon_ta_vmware_config_ssl.conf file.
  4. Open the $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/local/inframon_ta_vmware_config_ssl.conf file and set the validate_ssl_certificate option to true:
    validate_ssl_certificate = true
  5. Save your changes.
  6. Restart your Splunk platform instance.
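
Steps 1 to 4 above as a script, with a check of the effective value that can also be used to audit a scheduler. This is an added example, not code from the Splunk documentation or the add-on; the function names are hypothetical, and it assumes the shipped default file already contains a validate_ssl_certificate line.

```shell
#!/bin/sh
# Added example: steps 1-4 of the procedure as an idempotent function, plus
# an audit check. Function names are hypothetical. Assumption: the shipped
# default file already contains a "validate_ssl_certificate = ..." line.
APP=Splunk_TA_vmware_inframon
CONF=inframon_ta_vmware_config_ssl.conf
KEY_RE='^[[:space:]]*validate_ssl_certificate[[:space:]]*='

# cert_validation_enabled SPLUNK_HOME
# Returns 0 only if the effective value is true. local/ overrides default/
# per setting, so local is read first and default is the fallback.
cert_validation_enabled() {
    for f in "$1/etc/apps/$APP/local/$CONF" "$1/etc/apps/$APP/default/$CONF"; do
        [ -f "$f" ] || continue
        val=$(sed -nE "s/${KEY_RE}[[:space:]]*([^[:space:]]+).*/\1/p" "$f" | tail -n 1)
        [ -n "$val" ] || continue
        [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = true ]
        return
    done
    return 1
}

# enable_cert_validation SPLUNK_HOME
# Returns 0 on success, 1 on I/O problems, 2 if the key is absent (the
# stanza it belongs to is not guessed).
enable_cert_validation() {
    src="$1/etc/apps/$APP/default/$CONF"
    dst="$1/etc/apps/$APP/local/$CONF"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }

    # Steps 2-3: create local/ and copy the file; keep an existing local copy.
    mkdir -p "$1/etc/apps/$APP/local" || return 1
    [ -f "$dst" ] || cp "$src" "$dst" || return 1

    grep -Eq "$KEY_RE" "$dst" || { echo "no validate_ssl_certificate in $dst" >&2; return 2; }

    # Step 4: rewrite the value in place, leaving stanzas and other keys alone.
    sed -E "s/${KEY_RE}.*/validate_ssl_certificate = true/" "$dst" > "$dst.tmp" \
        && mv "$dst.tmp" "$dst" || return 1

    # Confirm the effective value; step 6 (restart) is still required.
    cert_validation_enabled "$1"
}
```

Call enable_cert_validation "$SPLUNK_HOME" on the scheduler, then restart the instance with $SPLUNK_HOME/bin/splunk restart.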

For more information, see About securing inter-Splunk communication in the Securing Splunk Enterprise manual.

Last modified on 13 September, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released
